Recently, there are increasing attacks on programs executed on apparatuses such as personal computers and digital broadcast receivers. Such programs are tampered with for example, and perform malicious operations. This grows into a serious problem.
In order to solve this problem, Patent Literature 1 discloses an art of increasing the certainty of detecting whether one program has been tampered with by causing a large number of programs to perform mutual monitoring as to tampering. Specifically, as shown in FIG. 61, monitoring modules A and B are each composed of a program to be protected against attacker's tampering (main programs A and B), a program for detecting whether other module has been tampered with (check programs A and B), and information necessary for the corresponding check program to perform tampering detection (check information A and B), such as a hash value of a program that is a target of tampering detection.
The check program A detects whether the main program B and the check program B of the monitoring module B have been tampered with, using the check information A. On the other hand, the check program B detects whether the main program A and the check program A of the monitoring module A have been tampered with, using the check information B. According to this structure, unless the check programs A and B are tampered with at the same time, it is possible to detect whether the main programs A and B and the check programs A and B have been tampered with.